Spammers, Scammers, and Vishers: You’d Better Watch Out!

We’re keeping a list and checking it twice. So now we can tell you who’s naughty or nice.

We’re having a little holiday fun but the topic is serious: The deliberate targeting of the contact center voice channel by voice phishers (vishers) and scammers intent on infiltrating organizations for criminal gain.

We all know the advent of the omni-channel contact center means a better experience for customers as they can now get the information and support they need through the channel of their choice. Even so, despite the growing popularity of digital communication options like text and web chat, the phone is still the one place people continue to turn to when seeking a more personal, human-to-human interaction, particularly when dealing with complicated or sensitive issues. 

The inbound call voice channel, unfortunately, has also become a favored avenue for skilled cyber-thieves who have proven remarkably adept at circumventing standard security measures.

Vishers and Scammers Are Targeting Your Voice Channel

Scam calls, robocalls, and spam storms all degrade network integrity, undermine workforce optimization, and impact agent response to legitimate customer callers. But none of these carry the level of risk associated with the tactic of vishing. Sophisticated vishers, armed with personal information harvested from social media and/or Dark Web sources, are using impersonation and psychological manipulation to lure their inbound call recipients into scams. While everyday citizens have been targeted by phone scammers for years, today’s new breed of cyber-criminals are increasingly finding success exploiting the far more lucrative pursuit of enterprise hacking via the inbound call voice channel. And their preferred point of access? The contact center agent at the other end of their calls. 

So what, exactly, makes the contact center voice channel such an attractive target, and what can be done to fend off these nefarious attacks?

Consider the following elements:

1. Motivation

Contact centers often support resource-rich organizations, like hospitals, banks, insurance companies, and government entities. Inbound call center agents serve as the boundary that separates the organization’s protected information from public exposure. And so, they make enticing targets for criminals looking to break into those customer accounts or gain network access to plant ransomware or exfiltrate customer data.  

2. Anonymity

The transition from analog phone service to low-cost, high-quality VoIP calling has been a boon for phone-centric business operations like call centers. It also allows cybercriminals to perpetrate large-scale inbound phone fraud call campaigns with abandon. Hiding behind digitally altered spoof caller IDs and operating from untraceable overseas centers, criminal gangs are perpetually flooding unprotected voice networks in search of vulnerable targets with little risk of getting caught.  

3. Agent Responsiveness

Ignoring calls from unknown sources is a common practice for individuals wishing to avoid robocalls or scammers on their personal phones. However, the contact center agent is expected to answer each inbound call – ideally as quickly as possible. They work under sometimes dueling pressures, making sure they see the process of issue resolution through to the full satisfaction of their customer caller while, at the same time, meeting time-pressured KPIs. They are, at once, making sure customer callers receive all the information they need to resolve an issue while remaining attentive to their organization’s security protocols. It is a balancing act that makes voice channel interactions uniquely challenging, uniquely personal, and therefore uniquely vulnerable to the psychological tactics employed by skilled vishers.   

4. The Persuasive Power of Voice

Unlike email or text/chat conversations, a voice call creates an immediate connection between caller and call recipient. And, unlike text-based interactions, voice conversations have an emotional element that can be beneficial for agents when driving a positive customer experience. Voice is also a powerful tool for threat actors when advancing their fraudulent activity against human targets. 

Look to Five9 Integration

The bottom line: Criminal actors are taking advantage of the one element in an organization’s threat defense strategy that is innately fallible – the human connection. Employee training is important, but given the number of recent, high-profile vishing-related attacks that have successfully breached the likes of Twitter, Cisco, Twilio, Robinhood, and, most recently, MGM Resorts, more needs to be done. 

The answer: Apply a technology-based, call center software solution purpose-built to identify and block nefarious callers from your voice channel at the very start of the inbound call path before those callers have the chance to reach, disrupt, and exploit a vulnerable agent target.